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REMARKS 

By this amendment, claims 29, 32, and 34-38 have been 
amended to correct minor informalities therein. Claims 2-6, 
8-14, 16-20, 22-30 and 32-3 9 remain pending in the subject 
application. Among pending claims 2-6, 8-14, 16-20, 22-30, 
and 32-39: 

Claim 6 is an independent claim with claims 2, 3, 4, 5, 
8, 9, 10, 11, 12, 13, and 14 depending therefrom; 

Claim 20 is an independent claim with claims 16, 17, 
18, 19, 22, 23, 24, 25, 26, 27, and 28 depending therefrom; 

Claim 2 9 is an independent claim; 

Claim 30 is an independent claim; 

Claim 32 is an independent claim with claims 33, 34, 
35, and 3 6 depending therefrom; 

Claim 37 is an independent claim; 
Claim 3 8 is an independent claim; and 
Claim 3 9 is an independent claim. 

Rejection of Claims 2-6, 8-14, 16-20, 22-30, and 32-39 

Under 35 U.S.C. § 103 

In Paragraph 9, the Office action rejected claims 2-6, 
8-14, 16-30, and 32-39 under 35 U.S.C. § 103(a) as being 
unpatentable over Vogel (U.S. Patent No. 5,815,683, herein 
after referred to as "Vogel"), and further in view of Rosendw 
et al . (U.S. Patent No. 5,483,596, herein after referred to as 
"Rosenow"), Montague et al . (U.S. Patent No. 5,675,782, herein 
after referred to as "Montague"), and Pile et al . (U.S. Patent 
No. 5,510,777, herein after referred to as "Pile"). Because 
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claim 21 was previously cancelled, the inclusion of claim 21 
in the rejected claims is apparently a typographic error. 
Accordingly, the rejection of claims 2-6, 8-14, 16-20, 22-30, 
and 32-39 under 35 U.S.C. § 103 is respectfully traversed. 

Vogel discloses accessing a remote CAD tool server. 
Specifically with reference to Fig. 2, Vogel discloses in 
column 3, lines 5-15, that the process of accessing CAD tool 
server 10 by a client 12 starts with the client 12 
establishing an access connection to access facilitator 14, 
step 18. Upon accepting the client's access connection, 
access facilitator 14 obtains the internetworking address of 
client 12 and provides client 12 with an interface to submit 
access requests, step 20. For each access request received, 
access facilitator 14 routes the access request including 
client's internetworking address to CAD tool server 10, 
step 22. CAD tool server 10 services the request and responds 
to client 12 directly, using the internetworking address 
provided, step 24. With reference to Figs. 4, 5, and 6, Vogel 
disclose the software environments of the client 12, the 
access facilitator 14, and CAD tool server 10, 

Montague discloses controlling access to objects on 
multiple operating systems. Specifically in column 3, 
lines 9-26, Montague discloses that in response to a request 
by the user, the network operating system determines the 
trustees that can have the specific access rights assigned to 
them and returns a list of the trustees in a format that is 
independent of the network operating system on which the 
specific access rights are to be set. A user must have the 
right to grant access to the entity and can only affect the 
access rights of a trustee on the list. Another step of the 
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method is to enable a user to view a trustee's access 
permissions to an entity. Preferably, the set of predefined 
generic requests includes at least one of: (a) granting of 
access rights to the entity; (b) setting access rights to the 
entity; (c) denying access rights to the entity; (d) revoking 
explicit access rights to a specific entity; (e) replacing all 
access rights to the entity; (f) determining if access to the 
entity is permitted; (g) getting effective access rights for a 
specific entity; (h) listing trustees who have explicit access 
rights to the entity; and, (i) enumerating all trustees who 
may be granted access rights to the entity. 

It is respectfully submitted that Montague discloses a 
set of predefined generic requests, which does not cure the 
deficiency of Vogle in making the claims in the subject 
application obvious. 

Pile discloses in column 2, lines 19-29, receiving from 
a requester a request for access to a destination, the nature 
of the request itself specifying a first level of security 
processing, and prompting the requester to supply additional 
authentication information, beyond that which may be supplied 
by the requester in an attempt to meet the first level of 
security processing, only if it is determined from a 
predetermined set of attributes of the particular access 
request that additional security processing is necessary 
before access can be granted to the destination, 

Rosenow discloses in column 4, lines 46-55 a compact, 
physically secure, high-performance access controller that is 
electrically connected to each access-managed resource or 
group of resources in a computer system. Whenever access - 
managed resources attempt to establish communications, their 
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associated access controllers exchange sets of internally 
generated DES encrypted access authorization codes utilizing 
protocols characterized by multiple random numbers, resource 
authorization keys, serial number verification, and session 
authorization keys. Each new session employs different 
encryption keys derived from multiple random numbers and 
multiple hidden algorithms. The access control management 
data exchanges are transparent to the user, and the keys 
employed are not transmitted across a communications Jine. 

Claim 6 calls for, among other things, security 
services for presenting to a user of the client a plurality of 
user authentication protocol options, each user authentication 
protocol option having a particular level of authentication 
associated with it; and a keysafe for storing keys, thereby 
enabling the client to access the available services without 
storing the service communication code and keys at the client 

licivxRy K^Kj v^dJ-JLy kj±. rcniieiiLDcr uiiciu. xo j_ copfcv- 1. j_ lax J.y 

submitted that at least a combination of these and other 
elements specified in claim 6 is neither taught nor suggested 
in Vogel, Rosenow, Montague, and Pile, either singly or in 
combination. Therefore, Vogel in view of Rosenow, Montague, 
and Pile cannot make claim 6 obvious under 35 U.S. C. § 103. 

Claims 2-5 and 8-14 depend from claim 6 and are 
therefore allowable over Vogel in view of Rosenow, Montague, 
and Pile for at least the same reasons as claim 6. 

Claim 20 calls for, among other things, presenting to a 
user of the client a plurality of user authentication protocol 
options, each user authentication protocol option having a 
particular level of authentication associated with it; and 
retrieving a key from a set of keys, each key corresponding to 
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a respective service from the set of available services, 
thereby enabling the client to access the available services 
without storing the service communication code and keys at the 
client or having to carry or remember them. It is 
respectfully submitted that at least a combination of these 
and other elements specified in claim 20 is neither taught nor 
suggested in Vogel, Rosenow, Montague, and Pile, either singly 
or in combination. Therefore, Vogel in view of Rosenow, 
Montague, and Pile cannot make claim 2 0 obvious under 3 5 
U.S.C. § 103, 

Claims 16-19 and 22-28 depend from claim 20 and are 
therefore allowable over Vogel in view of Rosenow, Montague, 
and Pile for at least the same reasons as claim 20. 

Claim 2 9 calls for, among other things, means for 
presenting to a user of the client a plurality of user 
authentication protocol options, each user authentication 
protocol option having a particular level of authentication; 
and means for retrieving a key from a set of keys, each key 
corresponding to a respective service from the set of 
available services, thereby enabling the client to access the 
available services without storing the service communication 
code and keys at the client. It is respectfully submitted 
that at least a combination of these and other elements 
specified in claim 29 is neither taught nor suggested in 
Vogel, Rosenow, Montague, and Pile, either singly or in 
combination. Therefore, Vogel in view of Rosenow, Montague, 
and Pile cannot make claim 2 9 obvious under 35 U.S.C. § 103. 

Claim 3 0 calls for, among other things, presenting to a 
user of the client a plurality of user authentication protocol 
options, each user authentication protocol option having a 



20104067.1 



-17- 



PATENT 
25587-033-004 
(40827 .00004) 



particular level of authentication associated with it; and 
retrieving a key from a set of keys, each key corresponding to 
a respective service from the set of available services, 
thereby enabling the client to access the available services 
without storing the service communication code and keys at the 
client or having to carry or remember them. It is 
respectfully submitted that at least a combination of these 
and other elements specified in claim 30 is neither taught nor 
suggested in Vogel, Rosenow, Montague, and Pile, either singly 
or in combination. Therefore, Vogel in view of Rosenow, 
Montague, and Pile cannot make claim 3 0 obvious under 3 5 
U.S.C. § 103. 

Claim 32 calls for, among other things, storing the 
security information at a location remote from the client; and 
using the stored security information to enable the user 
access to the secured network service without requiring the 
user to supply the stored security information. It is 
respectfully submitted that at least a combination of these 
and other elements specified in claim 32 is neither taught nor 
suggested in Vogel, Rosenow, Montague, and Pile, either singly 
or in combination. Therefore, Vogel in view of Rosenow, 
Montague, and Pile cannot make claim 32 obvious under 35 
U.S.C. § 103. 

Claims 33-36 depend from claim 32 and are therefore 
allowable over Vogel in view of Rosenow, Montague, and Pile 
for at least the same reasons as claim 32. 

Claim 37 calls for, among other things, means for 
storing the security information at a location remote from the 
client; and means for using the stored security information to 
enable the user access to the secured network service without 
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requiring the user to supply the stored security information. 
It is respectfully submitted that at least a combination of 
these and other elements specified in claim 37 is neither 
taught nor suggested in Vogel, Rosenow, Montague, and Pile, 
either singly or in combination. Therefore, Vogel in view of 
Rosenow, Montague, and Pile cannot make claim 3 7 obvious under 
35 U.S.C. § 103. 

Claim 38 calls for, among other things, storing the 
security information at a location remote from the client; and 
using the stored security information to enable the user 
access to the secured network service without requiring the 
user to supply the stored security • information. It is 
respectfully submitted that at least a combination of these 
and other elements specified in claim 38 is neither taught nor 
suggested in Vogel, Rosenow, Montague, and Pile, either singly 
or in combination. Therefore, Vogel in view of Rosenow, 
Montague, and Pile cannot make claim 3 8 obvious under 3 5 
U.S.C. § 103. 

Claim 3 9 calls for, among other things, security 
services for presenting a user of the client a plurality of 
user authentication protocol options, each user authentication 
protocol option having a particular level of authentication 
associated with it, for authenticating the user according to 
at least one user authentication protocol and for determining 
user privileges based on the identity of the user and the 
level of authentication. It is respectfully submitted that at 
least a combination of these and other elements specified in 
claim 3 9 is neither taught nor suggested in Vogel, Rosenow, 
Montague, and Pile, either singly or in combination. 
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Therefore, Vogel in view of Rosenow, Montague, and Pile cannot 
make claim 39 obvious under 35 U.S. C. § 103. 



32-3 9 currently pending in the subject application are 
believed to have overcome the rejections and be allowable. 
The subject application is in condition for allowance. Such 
action is respectfully requested. 



additional fees to Manatt, Phelps & Phillips' Deposit Account 
No. 50-1847 or to credit any overpayment to the same for all 
matters during the prosecution of the subject application. 

Respectfully submitted, 

MAIn^ATT, PHELPS & PHILLIPS 
Attorneys for Applicants 



CONCLUSION 



In view of above, claims 2-6, 8-14, 16-20, 22-30, and 



The Commissioner is hereby authorized to charge any 




Manattr, Phelps, & Phillips 
10.01 Page Mill Road, Building 2 
Palo Alto, CA 94304 
Tel : 650-812-1300 



Date: January 30, 2004 



20104067.1 



-20- 



